Form Based Email

Originally, many of my pages had my email address so people can contact me. (Some still do ... working on that.)

Unfortunately, the spammers used those to overload my mailbox.

Solution - use form based email to hide the email address.

And the spammers figured out how to use that to send crap - but no where near as much.

In 1997, various groups began developing methods (such as CAPTCHA's) to protect all types of online data submissions, including form mail.

This series of pages discusses various aspects of sending email via a form ... with specific information on doing this with a GoDaddy account (good service ... but lousy help).


Customized Form Based Email

On my old site, every page had an email link for feedback that was customized so that I could determine what page the user was looking at. (Perhaps that's why I get so much spam.)

When I replaced the email links with form mail, I kept the same capability via links like

Code in the form extracts the string after the equals sign and uses it in the email subject line. Unfortunately, that action requires javascript to be turned on in the user's browser (it would be better to call a server-side script), but it hasn't caused a problem (that I know of) ... yet. These 2 hidden fields are used to provide data identifying the form the user was viewing. In practice, I use several forms with different values for Site_ID.


Referring Page

When a user clicks a link, the address of the page with the link is available via document.referrer Note that this is blank if the user types the url (or uses favorites) instead of clicking it.


Security Warning

Never, ever, for any reason, place any email address in a form if that address will be used by some program as the email destination ... even in a hidden field. If you do, then your server program can be hijacked to send spam to thousands. In ALL cases, be sure that the TO email address is configured on the server in such a way that no hacker can modify it.

That being said, I sometimes use a single server-side script to send email to different addresses. This is handled by setting a value that is used to select the actual address from a list on the server. Normally, this value is hidden, but you could also provide a pick list, comboBox, or other method for user selection. Note - the email address are never included in the form.


Other Considerations

My primary interest in form based email was to reduce spam. However, there are other uses

Another consideration is organizations where several people might want email. In this case, you will want to address the email to some group address, and then add and removes users from the group as appropriate.


Author: Robert Clemenzi
URL: http:// mc-computing.com / ISPs / FormMail.html